EP1496664A3 - System, method and security module for securing the access of a user to at least one automation component of an automation system

Info

Publication number
EP1496664A3
EP1496664A3 EP04016223A EP04016223A EP1496664A3 EP 1496664 A3 EP1496664 A3 EP 1496664A3 EP 04016223 A EP04016223 A EP 04016223A EP 04016223 A EP04016223 A EP 04016223A EP 1496664 A3 EP1496664 A3 EP 1496664A3
Authority
EP
European Patent Office
Prior art keywords
automation
security module
access
securing
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP04016223A
Other languages
German (de)
French (fr)
Other versions
EP1496664A2 (en)
Inventor
Johann Arnold
Hendrik Gerlach
Siegfried Richter
Thomas Talanis
Frank Volkmann
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2003-07-10
Filing date
2004-07-09
Publication date
2008-12-10
Application filed by Siemens AG
Publication of EP1496664A2
Publication of EP1496664A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Abstract

To reliably protect a private network against unauthorized access, e.g. from an office network, the invention provides a device (1) for securing data access by a communication subscriber (2) to at least one automation component (4) of an automation system (6) within an automation network (7). The device comprises a security module (14) with at least one filter (16a to 16z) for monitoring and checking a communication request (K). In a first filter (16a), authenticated data traffic is established between the communication subscriber (2) and the security module (14) on the basis of a secured authentication token (T) assigned to the communication request (K); within that traffic, the data transmission underlying the communication request (K) is enabled or blocked depending on the result of the check.

EP04016223A 2003-07-10 2004-07-09 System, method and security module for securing the access of a user to at least one automation component of an automation system Ceased EP1496664A3 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10331307 2003-07-10
DE2003131307 DE10331307A1 (en) 2003-07-10 2003-07-10 Device and method and security module for securing a data access of a communication subscriber to at least one automation component of an automation system

Publications (2)

Publication Number Publication Date
EP1496664A2 (en) 2005-01-12
EP1496664A3 (en) 2008-12-10

Family

ID=33441710

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04016223A Ceased EP1496664A3 (en) 2003-07-10 2004-07-09 System, method and security module for securing the access of a user to at least one automation component of an automation system

Country Status (2)

Country Link
EP (1) EP1496664A3 (en)
DE (1) DE10331307A1 (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102005035697A1 (en) * 2005-07-27 2007-02-08 Siemens Ag Method for establishing a direct cross-network communication connection
DE102005035698A1 (en) * 2005-07-27 2007-02-08 Fujitsu Siemens Computers Gmbh Method for establishing a direct, cross-network and secure communication link
WO2009027756A2 (en) 2007-08-28 2009-03-05 Abb Research Limited Real-time communication security for automation networks
US8863234B2 (en) * 2008-08-06 2014-10-14 The Boeing Company Collaborative security and decision making in a service-oriented environment
EP2159653B1 (en) * 2008-09-02 2014-07-23 Siemens Aktiengesellschaft Method for assigning access authorisation to a computer-based object in an automation system, computer program and automation system
EP2400708B1 (en) 2010-06-22 2013-12-04 Siemens Aktiengesellschaft Network protection device
EP2464059A1 (en) * 2010-11-19 2012-06-13 Siemens Aktiengesellschaft Switch-network nodes for a communication network with integrated safety components
DE102011106497B4 (en) * 2011-06-15 2018-11-15 Messer Cutting Systems Gmbh System for remote maintenance or diagnosis of a computer-controlled flame cutting machine
DE102013209914A1 (en) * 2013-05-28 2014-12-04 Siemens Aktiengesellschaft Filtering a data packet by means of a network filter device
EP3382976A1 (en) * 2017-03-30 2018-10-03 Siemens Aktiengesellschaft Protective device, method and apparatus comprising a protection device for protecting a communication network associated with the device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1241850A2 (en) * 2001-03-16 2002-09-18 Kleinwort Benson Limited A method and system to provide and manage secure access to internal computer systems from an external client
US6463474B1 (en) * 1999-07-02 2002-10-08 Cisco Technology, Inc. Local authentication of a client at a network device
US20030084331A1 (en) * 2001-10-26 2003-05-01 Microsoft Corporation Method for providing user authentication/authorization and distributed firewall utilizing same

Also Published As

Publication number Publication date
EP1496664A2 (en) 2005-01-12
DE10331307A1 (en) 2005-02-10

Similar Documents

Publication Publication Date Title
DE60220780T2 (en) REMOTE NANNY FINGERPRINTS ON AN UNCERTAIN NETWORK
DE60223129T2 (en) METHOD AND SYSTEM FOR SECURING A COMPUTER NETWORK AND PERSONAL IDENTIFICATION DEVICE USED FOR CONTROLLING NETWORK COMPONENT ACCESS
EP1496664A3 (en) System, method and security module for securing the access of a user to at least one automation component of an automation system
EP1326469A3 (en) Method and device for authenticating subscribers in a communications network
EP1521421A3 (en) Layered security methods and apparatus in a gaming system environment
DE102015109057A1 (en) Lock access to confidential vehicle diagnostic data
DE102006043363A1 (en) System and method for collecting traffic data using sounding vehicles
WO2010026152A1 (en) Method for granting authorization to access a computer-based object in an automation system, computer program, and automation system
EP1188151A1 (en) Devices and methods for biometric authentication
EP1278332A3 (en) Method and system for real time recording with security module
EP1126655A1 (en) Method of hardware and software authentication in a network system
EP3767513B1 (en) Method for secure execution of a remote signature, and security system
DE102017208551A1 (en) Method for protecting a network from cyber attack
EP3734478A1 (en) Method for allocating certificates, management system, use of same, technical system, system component and use of identity provider
EP4193567B1 (en) Method for securely equipping a vehicle with an individual certificate
EP3518190A1 (en) Method and device for multi-factor authentication
DE102013105727A1 (en) Method for deactivating a security system
DE102017208545A1 (en) Method for protecting a network from cyber attack
DE102011083828A1 (en) Method for protection against plagiarism and arrangement for implementation
WO2005114945A1 (en) Method for authenticating a communications unit while using a lasting programmed secret code word
DE102021001170A1 (en) Method for securing access to a vehicle to be unlocked
EP2477352A2 (en) verification of identification of Identity card data for customers handling
WO2011131365A1 (en) Method for configuring an application for a terminal
EP1912406A3 (en) Cryptographical calculations for VoIP connections
DE4131248A1 (en) Testing terminal communicating with chip cards - using secret key and code algorithm stored in chip card and in terminal security module

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL HR LT LV MK

PUAL Search report despatched

Free format text: ORIGINAL CODE: 0009013

AK Designated contracting states

Kind code of ref document: A3

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL HR LT LV MK

17P Request for examination filed

Effective date: 20081211

17Q First examination report despatched

Effective date: 20090128

AKX Designation fees paid

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20090813